Tag Archives: spam

HAHAHAHAHAHAHAHAHA!!! 🤪🤣

last year i switched away from my then-new host provider after a very short period of time because it turned out that they were a spam-haven.

before i switched, it got so bad that i set up a monitor at MXToolbox to check whether or not my IP address had been listed at any blacklists.

the host provider was incensed at this, and swore up and down that they had robust anti-spam policies that were enforced with an iron fist, but i switched away from them shortly afterwards, anyway.

today i got a notice from the monitor. apparently 69.162.87.36 is running an open relay and has a poor reputation.

so much for “robust anti-spam policies enforced with an iron fist”. 🤣🤣🤣🤣🤣

anti-spam

the following is a list of the TLD names that i have blocked from sending email to any email address at Hybrid Elephant:

.bid
.br – Brazil
.cf – Central African Republic
.club
.cn – China
.date
.direct
.do – Dominican Republic
.download
.es – Spain
.faith
.fun
.gq – Equatorial Guinea
.hk – Hong Kong
.host
.icu
.live
.loan
.ooo
.online
.party
.pro
.racing
.review
.ru – Russia
.space
.store
.stream
.top
.trade
.webcam
.win
.world
.xyz
.za – South Africa

if you are from any of these TLDs, you might as well give up on the idea of sending email to me.


eeeenteresting! 😉

i got this email message today. it’s not from somebody i know, which usually indicates that it is spam, but in this case, i was, initially, led to a different conclusion. on the surface, the message looked like this:

I would like to buy your arts
Date: Friday 181116 09:02AM
From: Piper Dover <Marcel at thermaclick dot biz>
To: (my email address)
Good morning! I found your projects in the internet and I need to make a gift for my father.
If it is not hard for you please, help me with the order.
Write me back when you will be on your workplace, please..
Kind regards, I expect your reply, I will send all details that I am interested in.

this is… okay, the person doesn’t speak english too well, but they’re able to convey, which is the important part. but “found your projects in the internet” is a little troubling, because, as far as i know, these days, “my projects” are all on my domains — przxqgl.info, puggryduckling.com, hybridelephant.com and friendlyswastika.art — which, admittedly, are “in the internet” and would even probably be referred to as such by people who don’t understand “the internet”, but it’s still something that makes me wonder. another thing that caught my attention right away is that it is “From:” Piper Dover, whose email address is “Marcel at thermaclick dot biz”. i don’t know about you, but i don’t know ANY “real” person whose email address contains a name that is not their real name… which means that, either, this person’s name is not “piper”, or this person’s name is not “marcel”, and, very likely, both of them. NOT a good sign. “make a gift for my father” also makes me wonder, because the “gifts” that i have are not ones that i would think of as ones that i would give to my father, but it takes all kinds, and it’s possible that they were actually referring to my pipes, or bongs… or, maybe, they want me to make something in the style of something else that they’ve seen “in the internet”. also troubling are the “help me with the order” and “when you will be on your workplace” statements, as both of them are irrelevant.

but where the message started to get strange was when i looked at the headers…

yes, i ALWAYS look at the headers for “suspicious” emails, before i do anything else. don’t you? if not, WHY NOT?? 😕

… where i discovered that, if i had “replied” to this message, it would not have gone to “Marcel at thermaclick dot biz”, but, instead, would have gone to “isabellayehudit28 at gmail dot com”, because of a header called “Reply-To:” which nobody knows about these days, but has been a standard part of email for as long as email has been around… and who is “isabella yehudit 28”??? why is she getting in the way of my communicating with “piper” or “marcel” or whoever he is?

at this point, i reached the conclusion that it was, in fact, spam, and proceeded to report it as such. it turned out that the message was sent from the russian federation, thermaclick dot biz is blocked by URIBL, and the message is Base64-Encoded, all of which are STRONG indicators of spammy activity.

the point being that even experts can get confused sometimes, so don’t rely on what they say, but do the extra steps necessary to prove it for yourself. 👍
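the header checks walked through in this post (a Reply-To: that differs from From:, a display name that doesn't match the mailbox, a Base64-encoded text body, a blocked TLD) can be scripted. this is an added example, not part of the original post; the sample message is constructed, every address in it is a placeholder, and `triage` and `decoded_body` are hypothetical helper names.

```python
from email import message_from_string
from email.utils import parseaddr

# constructed sample modelled on the message described above; every address
# is a placeholder and the body is base64 for "Good morning!"
RAW = """\
From: Piper Dover <marcel@sender.example>
Reply-To: isabella28@freemail.example
To: me@recipient.example
Subject: I would like to buy your arts
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

R29vZCBtb3JuaW5nIQ==
"""

# a few entries from the blocked-TLD list earlier on this page
BLOCKED_TLDS = {"bid", "cn", "ru", "top", "xyz"}

def triage(raw, blocked_tlds=BLOCKED_TLDS):
    """Return the list of header findings for one raw message (hypothetical helper)."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    local, _, domain = from_addr.lower().partition("@")
    findings = []
    # replies would be delivered somewhere other than the visible sender
    if reply_addr and reply_addr.lower() != from_addr.lower():
        findings.append("reply-to-differs")
    # heuristic: no word of the display name appears in the mailbox name
    words = [w.lower() for w in name.split() if len(w) > 2]
    if words and not any(w in local for w in words):
        findings.append("display-name-mismatch")
    # weak on its own (non-ASCII mail uses it too), useful combined with the rest
    cte = (msg.get("Content-Transfer-Encoding") or "").strip().lower()
    if cte == "base64" and msg.get_content_maintype() == "text":
        findings.append("base64-text-body")
    if domain.rpartition(".")[2] in blocked_tlds:
        findings.append("blocked-tld")
    return findings

def decoded_body(raw):
    """Decode the transfer encoding so the text can actually be read."""
    return message_from_string(raw).get_payload(decode=True).decode("utf-8")
```

`triage(RAW)` reports the first three findings for the sample; the TLD check only fires when the sender's domain ends in one of the blocked names.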

interesting

the past few weeks (maybe as much as a couple months) i have been getting anywhere from 4 to 24 “porn spam scam” emails per day — you know the ones, where the guy claims to be a “hacker” who has “taken over” your computer, is emailing you “from your own email address”, doesn’t speak english too well, and demands some random amount in bitcoin to prevent him from revealing your “pornographic indiscretions” to “everyone on your contact list” (😒) — and i have been reporting EVERY! SINGLE! ONE! to their upstream provider, and to the bitcoin abuse web site… but for the past couple of days, i have noticed that the constant stream has dropped off considerably: two days ago, i received two messages, yesterday i only received one, and, so far, today, i haven’t received any.

i also noticed that, a few days ago, i started seeing specific SpamAssassin rules that are targeted towards the porn-spam-scam racket (bitcoin address recognition and “from:” address spoofing are the two big ones), but considering the massive influx of porn-spam-scam messages over the past couple of months, i would have expected a much more gradual drop-off.
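the two rule types named above, bitcoin address recognition and “from:” address spoofing, can be sketched as follows. this is an added example, not SpamAssassin's own rules and not part of the original post; it assumes a single-part text message, the sample mailbox is a placeholder, and the sample wallet is derived in the code from a dummy hash rather than taken from any real message.

```python
import hashlib
import re
from email import message_from_string
from email.utils import parseaddr

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# legacy-style candidates only: starts with 1 or 3, base58 characters throughout
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    # used only to build the constructed sample wallet below
    raw = payload + checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_valid(addr):
    # true if addr decodes to version byte + 20-byte hash + matching checksum,
    # which filters out random strings that merely look like an address
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))  # leading '1' = leading zero byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and checksum(raw[:-4]) == raw[-4:]

def sextortion_signals(raw_message):
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    body = msg.get_payload()  # single-part text message assumed
    wallets = [a for a in CANDIDATE.findall(body) if b58check_valid(a)]
    # "sent from your own account" shows up as From: equal to To:
    return {"self_addressed": bool(sender) and sender == rcpt, "wallets": wallets}

# constructed sample: placeholder mailbox, wallet built from a dummy 20-byte hash
SAMPLE_WALLET = b58check_encode(b"\x00" + b"\x11" * 20)
SAMPLE = (
    "From: victim@recipient.example\nTo: victim@recipient.example\n"
    "Subject: your account was hacked\n\n"
    f"Transfer $800 to our Bitcoin wallet: {SAMPLE_WALLET}\n"
    "Order ref 1BadChecksumBadChecksumBadCheck99 is not a wallet.\n"
)
```

a message that is both self-addressed and carries a checksum-valid wallet is a strong match for this scam; either signal alone is much weaker.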

anti-spam, anti-fraud information

the past couple of months i have been getting an inordinate amount of spam that goes something like this:

Hello!
I’m a member of an international hacker group.

As you could probably have guessed, your account X was hacked, because I sent message you from it.

Now I have access to you accounts!
For example, your password for X is X

Within a period from July 17, 2018 to October 3, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we’ve gotten full damps of these data.

We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one…

Transfer $800 to our Bitcoin wallet: 14bXUoPwruptLamUfKTuMW39Qy1q4ohX9w
If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.

I guarantee that after that, we’ll erase all your “data” ?

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.

please note: THIS IS FAKE NEWS!

whoever it is that sent it DOES NOT have access to my, or anyone else’s email account, despite what they may want you to think.

how do i know this? i have received at least 10 messages which are almost exactly identical to this one, down to the inconsistent english, carriage returns, and even the supposedly unique bitcoin wallet ID. the only significant difference in all of these messages is in the headers, which most people never see.

i want to go through this message, statement by statement, and show you exactly WHY it is fake news, and you shouldn’t buy into their scam.

first,

I’m a member of an international hacker group.

no you are not a member of an international hacker group. if you were, you wouldn’t have to tell me so. you are, in fact, a skript-kiddie who thinks he can make money by using other people’s code to mess up my internet: you are a vandal and a criminal, and i WILL track you down and turn you in, because it’s easy-peasy. 😠

As you could probably have guessed, your account X was hacked, because I sent message you from it.

any real hacker can tell you that you don’t actually have to have access to the account that’s on the “FROM:” line in your email, in order to make it look like you have access to that account. the fact is, i can send email to anybody i like, put whatever email address i like on the “FROM:” line, and 98% of the time, it will go through to the recipient without any difficulty. this is because the “FROM:” line is one of the easiest parts of the email to spoof. i have sent email that looks like it was coming from Bill Gates, and, if you didn’t know that i was sending it, and you have no way of looking at the email headers, you would think it was Bill Gates, and not me.

but you would be wrong.

then:

Now I have access to you accounts!
For example, your password for X is X

this password (which i have “X”ed out) is an authentic password from me, but because i have kept a list of every password i used, and where i used it, i KNOW that it is AT LEAST five years old, and has been superseded many times by more potent passwords. nevertheless, i also KNOW EXACTLY where i used this password last, so the first thing on my list is to write to the administrators of that place, and let them know that they’ve experienced a security breach.

then, just to make sure, i CHANGE MY PASSWORD AGAIN!!! just because they don’t really know anything is no reason not to be cautious times five… 👍

once again:

Within a period from July 17, 2018 to October 3, 2018, you were infected by the virus we’ve created, through an adult website you’ve visited. So far, we have access to your messages, social media accounts, and messengers. Moreover, we’ve gotten full damps of these data.

surprise! i KNOW that this is fake news, because i KNOW that i have not visited adult web sites. EVER! this may be a little more difficult for some other people, but for me, it’s a no-brainer: you are much less likely to be infected with a virus if you don’t visit adult web sites. the “full damps” of these data are imaginary.

not only that, but starting on 10 july — which is before the alleged “infection” — i was not even near my computer, much less using it, for at least a week, and i haven’t even had any social media accounts or messengers since about a week later. FAIL!

and, just as an aside… what are “full damps” anyway? i would have called them “downloads”… i have never heard the word “damps” used to mean “downloads”… do these people even speak english???

if you actually do visit adult web sites, you may be taken aback by this claim, but keep in mind the first part of the message, where they claimed to have access to my email account: they were wrong then, so the probability is quite high that they are wrong now, as well.

We are aware of your little and big secrets…yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..

i admit that my tastes are quite weird, but the fact that you “saw and recorded” me doing those things is a lie: i don’t even have a webcam, or any kind of device that could record me doing stuff that i don’t even do in front of my computer anyway.

once again, if you have a webcam on your computer, it may be a good idea to cover it with a piece of tape when you’re not using it, but the fact is, people who write you out of the blue and claim to have access to your computer, are lying, more likely than not.

now we come to the real reason people send out spam like this:

Transfer $800 to our Bitcoin wallet: 14bXUoPwruptLamUfKTuMW39Qy1q4ohX9w
If you don’t know about Bitcoin please input in Google “buy BTC”. It’s really easy.

yeah, bitcoin makes it really easy to hide your transactions and make them more anonymous, but if the person who is asking you to send them bitcoin is doing so for stuff that they have been lying about, then it is also harder for you to get your money back when you figure out that you have been lied to… which is why it’s always a good idea to make sure that the information you have been given is NOT a lie before you make your transaction.

in this case, they’re lying about the virus, the adult web site, the visual and audio recording, and the amount of data they claim to have collected, so i am confident that, if i were to look up their bitcoin wallet address, there’s a good chance that it, too, will have been shut down for fraudulent activity. yes, it is possible for that to happen, and in cases like this, it is fairly frequent.

ETA: i’m wrong about this one. the bitcoin wallet at 14bXUoPwruptLamUfKTuMW39Qy1q4ohX9w is active, showing 17 transactions (at this time) worth 1.95616527 BTC, or, $12,949.81 USD at this time… all the more reason to realise that THIS IS A SCAM!!! if you’re interested in reporting scam bitcoin wallets, you can do so here, as i have.

A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.

this “timer” is more impetus for you to act immediately, without checking any of the above mentioned information for inconsistencies. i know that it’s not true because i have received several messages like this, over the past two months, and nothing has ever happened to me, my “data” has not been mailed to my contacts (as will be seen in the next statement), simply because 1) they don’t have any of my contact information, and 2) they don’t have any data.

they’re just trying to scare me, and it’s not working.

Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.

see? they’re threatening to send “all your messages and videos” — which they don’t have — “to all your contacts” — which they also don’t have — unless you send $800 to a bitcoin wallet which no longer exists.

by this time, you are EITHER freaking out and reading up on converting regular money to bitcoin, or you, like me, are laughing out loud, and wondering why other people are so stupid.

because, if you think about it, $800 is a fairly small amount of money to extort from someone who is willing to give it to you without doing their homework… so what is preventing them from saying your data has been erased, but, actually has been put into a separate category of data that can be used to extort more money from you, at a later time?

of course, if they don’t have any of that data (as in my case) i have nothing to worry about, but for people who might have data like that, who knows what they may do, even if everything else is a lie?

finally, a LEEEETLE TINY BIT of common sense, to finish things up:

You should always think about your security. We hope this case will teach you to keep secrets. Take care of yourself.

basically, if it’s on internet, it’s not a secret. if your computer is on internet, there’s a remote chance that something like this really may happen to you at some point, if you also keep your secrets on your computer. thus, the logical conclusion is that if you keep your secrets somewhere other than on your computer (or your tablet, or your cell phone), you won’t have any problems deleting the message when you get spam like this.

for those of you who may remember the screed i wrote about how to report spam: if you receive a message like this, that would be a good place to start. 😉